Check Token
Analyze a token for fraudulent activity patterns. The Fraud Engine examines on-chain behavior to identify scams, manipulation, and coordinated malicious activity across a token's liquidity pools.
Endpoint
GET https://enterprise.guardis.io/v1/fraud/checkAuthentication
Include your API key in the X-API-Key header.
X-API-Key: your_api_key_hereQuery Parameters
token_address
string
Yes
The mint address of the token to analyze
Example Request
curl -X GET "https://enterprise.guardis.io/v1/fraud/check?token_address=5GTRGGnmbMCjCUnc3xMweCgVqDEtSDxTdvVdwutcpump" \
-H "X-API-Key: your_api_key_here"Response Format
Returns an array of fraud classifications detected for the token. Each classification represents a distinct fraud pattern identified.
{
"token_address": "5GTRGGnmbMCjCUnc3xMweCgVqDEtSDxTdvVdwutcpump",
"is_fraudulent": true,
"risk_score": 87,
"classification_count": 2,
"classifications": [
{
"id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"token_address": "5GTRGGnmbMCjCUnc3xMweCgVqDEtSDxTdvVdwutcpump",
"pair_address": "GRQB4P9MmorUwut8kb43RyHKJWo3Ce1EAvENPmNUbAhN",
"fraud_type": "traditional_bundle",
"confidence_score": 0.92,
"confidence_level": "critical",
"evidence": [
{
"id": "f1e2d3c4-b5a6-7890-fedc-ba0987654321",
"evidence_type": "bundled_transaction",
"description": "5 wallets executed buy transactions in the same block within a single bundle",
"weight": 0.85,
"data": {
"type": "transaction",
"payload": {
"signatures": [
"5UfDuX...",
"3KpLmN...",
"9RtYwQ..."
],
"slot": 284521789,
"wallets": [
"9WzDXwBbmPELPRCRjT7MjGJfvY8er2xJZxU7S4DF9mXz",
"7xKXtg2CW87d97TXJSDpbD5jBkheTqA83TZRuJosgAsU",
"HkL9mNoPqRsTuVwXyZ1aBcDeFgHiJkLmNoPqRsTuVw"
],
"total_value_sol": "45.892847291",
"total_value_usd": "18023.235215",
"is_bundled": true
}
},
"collected_at": "2025-12-07T07:11:03.000Z"
},
{
"id": "c3d4e5f6-a7b8-9012-cdef-ab3456789012",
"evidence_type": "common_funding",
"description": "All 5 buy wallets were funded by the same source wallet within 10 minutes of token creation",
"weight": 0.78,
"data": {
"type": "wallet_relation",
"payload": {
"source_wallet": "FundingSource123abc...",
"related_wallets": [
"9WzDXwBbmPELPRCRjT7MjGJfvY8er2xJZxU7S4DF9mXz",
"7xKXtg2CW87d97TXJSDpbD5jBkheTqA83TZRuJosgAsU",
"HkL9mNoPqRsTuVwXyZ1aBcDeFgHiJkLmNoPqRsTuVw"
],
"relationship": "direct_funding",
"strength": 0.95
}
},
"collected_at": "2025-12-07T07:11:03.000Z"
},
{
"id": "d4e5f6a7-b8c9-0123-def0-bc4567890123",
"evidence_type": "supply_concentration",
"description": "Bundle wallets acquired 47.3% of token supply at launch",
"weight": 0.72,
"data": {
"type": "supply_distribution",
"payload": {
"token_address": "5GTRGGnmbMCjCUnc3xMweCgVqDEtSDxTdvVdwutcpump",
"top_holders": [
{
"wallet": "9WzDXwBbmPELPRCRjT7MjGJfvY8er2xJZxU7S4DF9mXz",
"percentage": "18.42",
"is_suspicious": true
},
{
"wallet": "7xKXtg2CW87d97TXJSDpbD5jBkheTqA83TZRuJosgAsU",
"percentage": "15.87",
"is_suspicious": true
},
{
"wallet": "HkL9mNoPqRsTuVwXyZ1aBcDeFgHiJkLmNoPqRsTuVw",
"percentage": "13.01",
"is_suspicious": true
}
],
"suspicious_percentage": "47.30",
"gini_coefficient": 0.847
}
},
"collected_at": "2025-12-07T07:11:03.000Z"
}
],
"involved_wallets": [
{
"address": "9WzDXwBbmPELPRCRjT7MjGJfvY8er2xJZxU7S4DF9mXz",
"role": "attacker",
"tokens_acquired": "184200000.000000",
"sol_amount": "15.847291635",
"first_seen_slot": 284521789,
"labels": ["bundle_buyer", "high_concentration"]
},
{
"address": "7xKXtg2CW87d97TXJSDpbD5jBkheTqA83TZRuJosgAsU",
"role": "bundler",
"tokens_acquired": "158700000.000000",
"sol_amount": "12.293847291",
"first_seen_slot": 284521789,
"labels": ["bundle_buyer"]
},
{
"address": "FundingSource123abc...",
"role": "funding_source",
"tokens_acquired": "0.000000",
"sol_amount": "50.000000000",
"first_seen_slot": 284521750,
"labels": ["funder", "known_scammer"]
}
],
"estimated_value_at_risk": "28472.91",
"detection_slot": 284521790,
"pattern_start_slot": 284521789,
"created_at": "2025-12-07T07:11:03.000Z",
"updated_at": "2025-12-07T07:11:03.000Z",
"status": "active"
},
{
"id": "b2c3d4e5-f6a7-8901-bcde-fg2345678901",
"token_address": "5GTRGGnmbMCjCUnc3xMweCgVqDEtSDxTdvVdwutcpump",
"pair_address": "GRQB4P9MmorUwut8kb43RyHKJWo3Ce1EAvENPmNUbAhN",
"fraud_type": "wash_volume",
"confidence_score": 0.74,
"confidence_level": "high",
"evidence": [
{
"id": "e5f6a7b8-c9d0-1234-efab-cd5678901234",
"evidence_type": "circular_flow",
"description": "Detected circular trading pattern: A→B→C→A with 12 cycles over 2 hours",
"weight": 0.82,
"data": {
"type": "timing",
"payload": {
"timestamps": [
"2025-12-07T08:15:00.000Z",
"2025-12-07T08:22:00.000Z",
"2025-12-07T08:29:00.000Z"
],
"slots": [284522100, 284522200, 284522300],
"time_deltas_ms": [420000, 420000, 420000],
"pattern": "Regular 7-minute intervals between cycle completions"
}
},
"collected_at": "2025-12-07T10:30:00.000Z"
}
],
"involved_wallets": [
{
"address": "CycleWallet1abc...",
"role": "intermediary",
"tokens_acquired": "50000000.000000",
"sol_amount": "8.472918473",
"first_seen_slot": 284522100,
"labels": ["wash_trader", "circular_flow"]
}
],
"estimated_value_at_risk": "8472.91",
"detection_slot": 284522500,
"pattern_start_slot": 284522100,
"created_at": "2025-12-07T10:30:00.000Z",
"updated_at": "2025-12-07T10:30:00.000Z",
"status": "active"
}
]
}Field Reference
Response Wrapper
token_address
string
The analyzed token's mint address
is_fraudulent
boolean
Whether any fraud patterns were detected
risk_score
integer
Overall risk score (0-100) based on highest confidence classification
classification_count
integer
Number of distinct fraud patterns detected
classifications
array
Array of FraudClassification objects
FraudClassification
id
string
Unique identifier (UUID) for this classification
token_address
string
The mint address of the token
pair_address
string
The on-chain address of the liquidity pool
fraud_type
string
Type of fraud pattern detected
confidence_score
number
Confidence score from 0.0 to 1.0
confidence_level
string
Human-readable confidence level
evidence
array
Evidence supporting this classification
involved_wallets
array
Wallets identified as part of the fraud
estimated_value_at_risk
string
Estimated USD value at risk
detection_slot
integer
Solana slot when fraud was first detected
pattern_start_slot
integer | null
Solana slot when the fraud pattern began
created_at
string
ISO 8601 timestamp when classification was created
updated_at
string
ISO 8601 timestamp when classification was last updated
status
string
Current status of the classification
Fraud Types
traditional_bundle
9/10
Attacker creates bonding curve and instantly buys significant supply using multiple wallets in a bundled transaction
late_bundle
8/10
Similar to traditional bundle but with delayed execution, allowing some organic trading before the attack
bundle_and_launder
10/10
Attacker sells tokens publicly, then secretly buys back via bundled transactions to different wallets, creating artificial volume
fake_dump
8/10
Insiders sell to create fear, then buy back through related wallets while maintaining or increasing net position
coordinated_exit
9/10
Multiple wallets from the same cluster exit in coordinated fashion, often combined with liquidity drain
wash_volume
7/10
Artificial volume generated through circular trading cycles and sell-buyback patterns with commonly funded wallets
Confidence Levels
critical
0.9 - 1.0
Definitive fraud pattern with overwhelming evidence
high
0.7 - 0.9
Strong evidence of fraud
medium
0.5 - 0.7
Likely fraud pattern
low
0.0 - 0.5
Possible but uncertain
Classification Status
active
Newly detected, not yet reviewed
reviewed
Has been reviewed by analyst
confirmed
Confirmed as fraud
false_positive
Determined to be false positive
archived
Old classification, no longer active
Evidence
id
string
Unique identifier (UUID) for this evidence
evidence_type
string
Type of evidence collected
description
string
Human-readable description of the evidence
weight
number
Weight/importance of this evidence (0.0-1.0)
data
object
Raw data supporting this evidence
collected_at
string
ISO 8601 timestamp when evidence was collected
Evidence Types
bundled_transaction
Bundled transaction detected in the same block
common_funding
Multiple wallets funded by the same source
similar_patterns
Wallets exhibiting similar transaction patterns
supply_concentration
High concentration of token supply in suspicious wallets
suspicious_timing
Suspicious timing correlation between transactions
circular_flow
Circular fund flow detected between wallets
same_block_trades
Multiple wallets trading in the same block
wallet_cluster
Identified cluster of related wallets
price_manipulation
Price manipulation pattern detected
volume_manipulation
Volume manipulation pattern detected
Evidence Data Types
Evidence data is returned as a tagged union with type and payload fields:
Transaction Evidence (type: "transaction")
signatures
array
Transaction signatures involved
slot
integer
Block/slot number
wallets
array
Wallet addresses involved
total_value
string
Total SOL value transferred
is_bundled
boolean
Whether this was a bundled transaction
Wallet Relation Evidence (type: "wallet_relation")
source_wallet
string
Source wallet address
related_wallets
array
Related wallet addresses
relationship
string
Type of relationship (direct_funding, indirect_funding, same_entity, coordinated_trading, common_program)
strength
number
Relationship strength (0.0-1.0)
Supply Distribution Evidence (type: "supply_distribution")
token_address
string
Token mint address
top_holders
array
Top holders with wallet, percentage, and suspicious flag
suspicious_percentage
string
Total supply percentage held by suspicious wallets
gini_coefficient
number
Inequality measure (0.0-1.0, higher = more concentrated)
Timing Evidence (type: "timing")
timestamps
array
ISO 8601 timestamps of suspicious events
slots
array
Solana slots involved
time_deltas_ms
array
Time differences between events in milliseconds
pattern
string
Description of the timing pattern
Involved Wallet
address
string
Wallet address
role
string
Role in the fraud activity
tokens_acquired
string
Total tokens acquired by this wallet
sol_amount
string
SOL spent or received
first_seen_slot
integer
First transaction slot
labels
array
Labels/tags for this wallet
Wallet Roles
attacker
Primary attacker wallet orchestrating the fraud
bundler
Wallet that executes bundled transactions
intermediary
Intermediary wallet used to obscure fund flow
destination
Final destination wallet for tokens or funds
funding_source
Wallet that funded the attack wallets
unknown
Role could not be determined
Example Usage
JavaScript:
const tokenAddress = "5GTRGGnmbMCjCUnc3xMweCgVqDEtSDxTdvVdwutcpump";
const response = await fetch(
`https://enterprise.guardis.io/v1/fraud/check?token_address=${tokenAddress}`,
{
headers: {
"X-API-Key": "your_api_key_here"
}
}
);
const result = await response.json();
if (result.is_fraudulent) {
console.log(`⚠️ FRAUD DETECTED - Risk Score: ${result.risk_score}/100`);
console.log(`Found ${result.classification_count} fraud pattern(s)\n`);
for (const classification of result.classifications) {
console.log(`Fraud Type: ${classification.fraud_type}`);
console.log(`Confidence: ${classification.confidence_level} (${(classification.confidence_score * 100).toFixed(1)}%)`);
console.log(`Value at Risk: $${classification.estimated_value_at_risk}`);
console.log(`Evidence: ${classification.evidence.length} pieces`);
console.log(`Wallets Involved: ${classification.involved_wallets.length}`);
// List attackers
const attackers = classification.involved_wallets.filter(w => w.role === "attacker");
if (attackers.length > 0) {
console.log(`Attacker Wallets:`);
for (const attacker of attackers) {
console.log(` - ${attacker.address}`);
}
}
console.log("");
}
} else {
console.log("✅ No fraud patterns detected");
}Python:
import requests
token_address = "5GTRGGnmbMCjCUnc3xMweCgVqDEtSDxTdvVdwutcpump"
response = requests.get(
"https://enterprise.guardis.io/v1/fraud/check",
params={"token_address": token_address},
headers={"X-API-Key": "your_api_key_here"}
)
result = response.json()
if result["is_fraudulent"]:
print(f"⚠️ FRAUD DETECTED - Risk Score: {result['risk_score']}/100")
print(f"Found {result['classification_count']} fraud pattern(s)\n")
for classification in result["classifications"]:
print(f"Fraud Type: {classification['fraud_type']}")
print(f"Confidence: {classification['confidence_level']} ({classification['confidence_score'] * 100:.1f}%)")
print(f"Value at Risk: ${classification['estimated_value_at_risk']}")
print(f"Evidence: {len(classification['evidence'])} pieces")
print(f"Wallets Involved: {len(classification['involved_wallets'])}")
# List attackers
attackers = [w for w in classification["involved_wallets"] if w["role"] == "attacker"]
if attackers:
print("Attacker Wallets:")
for attacker in attackers:
print(f" - {attacker['address']}")
print()
else:
print("✅ No fraud patterns detected")Clean Response (No Fraud)
When no fraud is detected, the response will indicate a clean token:
{
"token_address": "DezXAZ8z7PnrnRJjz3wXBoRgixCa6xjnB7YaB1pPB263",
"is_fraudulent": false,
"risk_score": 0,
"classification_count": 0,
"classifications": []
}Error Responses
400
Missing or invalid token_address parameter
401
Missing or invalid API key
404
Token not found in our system
422
Invalid Solana mint address format
500
Internal server error
{
"code": 400,
"message": "Missing required parameter: token_address"
}{
"code": 422,
"message": "Invalid Solana mint address format"
}{
"code": 404,
"message": "Token not found. The token may not have been indexed yet"
}Last updated